Integrate Deploy with Digital.ai Platform Identity Service

Prerequisites

You must contact the Digital.ai Support team to get started with integrating Digital.ai Deploy with the Digital.ai Platform Identity Service.

For more information, see:

Add Deploy as a Client in the Platform Identity Service

  1. Log in to the Digital.ai Platform Identity Service.
  2. Go to Admin > Clients > Add OIDC Client.
  3. Give the client a name (for example, deploy).
  4. Add a valid redirect URI in the Valid Redirect URIs field.

    <deploy url>/oidc-login
  5. Save the client.

Configuring Deploy

Perform these steps on the Digital.ai Deploy server.

  1. Install and enable the OIDC Authentication plugin, then set the Default configuration property to OIDC in the XL_DEPLOY_SERVER_HOME/centralConfiguration/deploy-server.yaml file.
  2. To configure the OIDC Authentication plugin, add the following YAML code snippet to the XL_DEPLOY_SERVER_HOME/centralConfiguration/deploy-oidc.yaml file.

    deploy.security:
      auth:
        providers:
          oidc:
            loginMethodDescription:
            clientId: "<Your client ID>"
            clientSecret: "<Your client secret>"
            issuer: "<Enter the Open ID Provider Issuer>" # for example "https://identity.staging.digital.ai/auth/realms/demoaccount"
            redirectUri: "<deploy url>/login/external-login"
            postLogoutRedirectUri: "<deploy url>/login/external-login"
            rolesClaimName: "realm_access.roles"
            userNameClaimName: preferred_username

    With the above configuration, the required OIDC settings are fetched automatically from the discovery endpoint.

    For more information, see Configure Digital.ai Deploy for OIDC Authentication.
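
Because the endpoints are taken from the discovery document, it is worth checking that document against the issuer value before putting it into deploy-oidc.yaml. The following Python sketch is an added example, not code from Digital.ai or the Deploy product. It checks a discovery document against the rules of OpenID Connect Discovery 1.0. The issuer idp.example, the Keycloak-style endpoint paths and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Fields OpenID Connect Discovery 1.0 marks REQUIRED (token_endpoint is
# required for every flow except implicit-only).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
             "userinfo_endpoint", "end_session_endpoint")


def discovery_url(issuer):
    """Location of the discovery document for an issuer (Discovery 1.0)."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(configured_issuer, doc):
    """Return a list of problems; an empty list means the document looks sane."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The spec requires the document's issuer to be identical to the issuer URL
    # used to locate it, so compare with the value from deploy-oidc.yaml as-is.
    if doc.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    for key in ENDPOINTS:
        url = doc.get(key)
        if url is not None and urlsplit(url).scheme != "https":
            problems.append(f"{key} is not https: {url}")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("provider advertises unsigned ID tokens (alg 'none')")
    return problems


# Constructed sample: hypothetical issuer and Keycloak-style endpoint paths.
ISSUER = "https://idp.example/auth/realms/demoaccount"
SAMPLE = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": ISSUER + "/protocol/openid-connect/certs",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery(ISSUER, SAMPLE) or "discovery document OK")
```

To check a live provider, download the JSON from the URL returned by discovery_url() for your issuer and pass the parsed document to check_discovery().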